Nucleus Cms

nucleus_cms

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2009-0929 1Nucleus Group 1Nucleus Cms Apr 23, 2026 Mar 17, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in the media manager in Nucleus CMS before 3.40 allows remote attackers to read arbitrary files via unknown vectors.
CVE-2006-3136 1Nucleus Group 1Nucleus Cms Apr 16, 2026 Jun 22, 2006 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL the DIR_LIBS parameter in (1) path/action.php, and to files in path/nucleus including (2)...Show more Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL the DIR_LIBS parameter in (1) path/action.php, and to files in path/nucleus including (2) media.php, (3) /xmlrpc/server.php, and (4) /xmlrpc/api_metaweblog.inc.php. NOTE: this is a similar vulnerability to CVE-2006-2583. NOTE: this issue has been disputed by third parties, who state that the DIR_LIBS parameter is defined in an include file before being usedShow less
CVE-2006-2583 1Nucleus Group 1Nucleus Cms Apr 16, 2026 May 25, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.php in Nucleus 3.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[DIR_LIBS] parameter.
CVE-2004-2056 1Nucleus Group 1Nucleus Cms Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows remote attackers to execute arbitrary SQL statements via the itemid parameter.